HackerOne Bug Bounty Hunting

Automates HackerOne workflows: scope parsing → parallel testing → PoC validation → submission reports.

Quick Start

1. Input: HackerOne program URL or CSV file
2. Parse scope and program guidelines
3. Deploy Pentester agents in parallel (one per asset)
4. Validate PoCs (poc.py + poc_output.txt required)
5. Generate HackerOne-formatted reports

Workflows

Option 1: HackerOne URL
- [ ] Fetch program data and guidelines
- [ ] Download scope CSV
- [ ] Parse eligible assets
- [ ] Deploy agents in parallel
- [ ] Validate PoCs
- [ ] Generate submissions
Option 2: CSV File
- [ ] Parse CSV scope file
- [ ] Extract eligible_for_submission=true assets
- [ ] Collect program guidelines
- [ ] Deploy agents
- [ ] Validate and generate reports

Scope CSV Format

Expected columns:
  • identifier
    - Asset URL/domain
  • asset_type
    - URL, WILDCARD, API, CIDR
  • eligible_for_submission
    - Must be "true"
  • max_severity
    - critical, high, medium, low
  • instruction
    - Asset-specific notes
Use tools/csv_parser.py to parse.
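The filtering the parser has to do, as an added example in the spirit of tools/csv_parser.py (not the project's own code): column names follow the format above, the sample rows are constructed, and anything that is not literally eligible or has an unknown asset type is kept out of scope by default.

```python
"""Parse a HackerOne scope CSV and keep only assets eligible for submission.

Added example in the spirit of tools/csv_parser.py; the column names follow
the Scope CSV Format section, the sample rows below are constructed.
"""
import csv
import io

ASSET_TYPES = {"URL", "WILDCARD", "API", "CIDR"}
SEVERITIES = {"critical", "high", "medium", "low"}

# Constructed sample: one row is ineligible, one has an unknown asset type.
SAMPLE_CSV = """identifier,asset_type,eligible_for_submission,max_severity,instruction
app.example.com,URL,true,critical,Main web application
*.api.example.com,WILDCARD,TRUE,high,Staging hosts excluded
legacy.example.com,URL,false,medium,Out of scope - do not test
10.0.0.0/24,CIDR,true,low,Corporate range
billing.example.com,MOBILE,true,high,Unknown type - should be skipped
"""

def parse_scope(text):
    """Return (in_scope, skipped) lists of normalised asset dicts."""
    in_scope, skipped = [], []
    for row in csv.DictReader(io.StringIO(text)):
        asset = {
            "identifier": (row.get("identifier") or "").strip(),
            "asset_type": (row.get("asset_type") or "").strip().upper(),
            "eligible": (row.get("eligible_for_submission") or "").strip().lower() == "true",
            "max_severity": (row.get("max_severity") or "").strip().lower(),
            "instruction": (row.get("instruction") or "").strip(),
        }
        # Fail closed: missing identifier, unknown asset type, or an eligibility
        # flag that is not literally "true" all mean the asset is not tested.
        if not asset["identifier"] or asset["asset_type"] not in ASSET_TYPES or not asset["eligible"]:
            skipped.append(asset)
            continue
        if asset["max_severity"] not in SEVERITIES:
            asset["max_severity"] = "unknown"
        in_scope.append(asset)
    return in_scope, skipped

if __name__ == "__main__":
    ok, bad = parse_scope(SAMPLE_CSV)
    for a in ok:
        print(f"IN SCOPE  {a['asset_type']:<8} {a['identifier']:<22} max={a['max_severity']}")
    for a in bad:
        print(f"SKIPPED   {a['asset_type']:<8} {a['identifier']}")
```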

Agent Deployment

Pentester Agent per asset:
  • Passes program-specific guidelines
  • Tests all vulnerability types
  • Returns validated findings with PoCs
Parallel Execution:
  • 10 assets = 10 Pentester agents
  • Each spawns 30+ specialized agents
  • Total: 300+ concurrent tests
  • Time: 2-4 hours vs 20-40 sequential

PoC Validation (CRITICAL)

Every finding MUST have:
  1. poc.py
    - Executable exploit script
  2. poc_output.txt
    - Timestamped execution proof
  3. workflow.md
    - Manual steps (if applicable)
  4. Evidence screenshots/videos
Experimentation: Test edge cases, verify impact, document failures.
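A check that a finding directory actually carries the required artefacts before it is allowed into a report, as an added example (not the project's tooling). It assumes the layout from the Output Structure section and that poc_output.txt lines carry an ISO-8601 timestamp; the sample finding it builds is constructed and the PoC file is an inert placeholder.

```python
"""Check that a finding directory carries the artefacts the PoC rule requires.

Added example, not the project's own tooling. Assumes the finding-NNN layout
(report.md, poc.py, poc_output.txt) and ISO-8601 timestamps in poc_output.txt.
"""
import ast
import re
import tempfile
from pathlib import Path

TIMESTAMP = re.compile(r"\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}")

def check_finding(finding_dir):
    """Return a list of problems for one finding-NNN directory."""
    d = Path(finding_dir)
    problems = []
    poc = d / "poc.py"
    if not poc.is_file():
        problems.append("poc.py missing")
    else:
        try:
            ast.parse(poc.read_text())  # must at least be valid Python
        except SyntaxError as e:
            problems.append(f"poc.py does not parse: line {e.lineno}")
    out = d / "poc_output.txt"
    if not out.is_file() or not out.read_text().strip():
        problems.append("poc_output.txt missing or empty")
    elif not TIMESTAMP.search(out.read_text()):
        problems.append("poc_output.txt has no timestamped lines")
    if not (d / "report.md").is_file():
        problems.append("report.md missing")
    return problems

def build_sample_finding(root, with_output=True):
    """Construct a demonstration finding; the PoC content is an inert placeholder."""
    d = Path(root) / "finding-001"
    d.mkdir(parents=True, exist_ok=True)
    (d / "poc.py").write_text("print('placeholder - the validated PoC script goes here')\n")
    (d / "report.md").write_text("## Summary\nplaceholder\n")
    if with_output:
        (d / "poc_output.txt").write_text("2024-01-01T10:00:00 started\n2024-01-01T10:00:02 status 200\n")
    return d

def run_demo():
    """Check one complete and one incomplete constructed finding."""
    with tempfile.TemporaryDirectory() as tmp:
        complete = check_finding(build_sample_finding(Path(tmp) / "a"))
        partial = check_finding(build_sample_finding(Path(tmp) / "b", with_output=False))
    return complete, partial

if __name__ == "__main__":
    print(run_demo())  # ([], ['poc_output.txt missing or empty'])
```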

Report Format

Required sections (HackerOne standard):
  1. Summary (2-3 sentences)
  2. Severity (CVSS + business impact)
  3. Steps to Reproduce (numbered, clear)
  4. Visual Evidence (screenshots/video)
  5. Impact (realistic attack scenario)
  6. Remediation (actionable fixes)
Use tools/report_validator.py to validate.
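The kind of completeness check a report validator performs, as an added example in the spirit of tools/report_validator.py (not the project's code): it assumes the report is markdown with one `## ` heading per required section, and the draft it checks is constructed.

```python
"""Check a draft report for the six sections HackerOne expects (added example
in the spirit of tools/report_validator.py, not the project's code). Assumes
markdown with one '## ' heading per section."""
import re

REQUIRED = ["Summary", "Severity", "Steps to Reproduce",
            "Visual Evidence", "Impact", "Remediation"]

# Constructed draft: Remediation is missing and the steps are not numbered.
SAMPLE_REPORT = """## Summary
The export endpoint returns another user's invoice. Only a valid session is needed.
## Severity
High (CVSS 7.5) - customer billing data exposed.
## Steps to Reproduce
Log in as user A.
Request the export endpoint with user B's id.
## Visual Evidence
See evidence/screenshots/invoice.png
## Impact
Any authenticated user can read every customer's invoices.
"""

def split_sections(md):
    """Map each '## ' heading to the text beneath it."""
    sections, current = {}, None
    for line in md.splitlines():
        m = re.match(r"^##\s+(.+?)\s*$", line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return {k: "\n".join(v).strip() for k, v in sections.items()}

def validate_report(md):
    """Return a list of problems; an empty list means the report passes."""
    sections = split_sections(md)
    problems = [f"missing section: {s}" for s in REQUIRED if s not in sections]
    summary = sections.get("Summary", "")
    n = len([s for s in re.split(r"[.!?]+\s*", summary) if s.strip()])
    if summary and not 2 <= n <= 3:
        problems.append(f"summary should be 2-3 sentences, found {n}")
    steps = sections.get("Steps to Reproduce", "")
    if steps and not re.search(r"^\s*1[.)]\s", steps, re.M):
        problems.append("steps to reproduce are not numbered")
    if "Severity" in sections and "CVSS" not in sections["Severity"]:
        problems.append("severity section has no CVSS score")
    return problems
```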

Output Structure

Per OUTPUT.md - Bug Bounty format:
outputs/<program>/
├── findings/
│   ├── finding-001/
│   │   ├── report.md           # HackerOne report
│   │   ├── poc.py              # Validated PoC
│   │   ├── poc_output.txt      # Proof
│   │   └── workflow.md         # Manual steps
├── reports/
│   ├── submissions/
│   │   ├── H1_CRITICAL_001.md  # Ready to submit
│   │   └── H1_HIGH_001.md
│   └── SUBMISSION_GUIDE.md
└── evidence/
    ├── screenshots/
    └── http-logs/

Program Selection

High-Value:
  • New programs (< 30 days)
  • Fast response (< 24 hours)
  • High bounties (Critical: $5,000+)
  • Large attack surface
Avoid:
  • Slow response (> 1 week)
  • Low bounties (Critical: < $500)
  • Overly restrictive scope

Critical Rules

MUST DO:
  • Validate ALL PoCs before reporting
  • Sanitize sensitive data
  • Test only eligible_for_submission=true assets
  • Follow program-specific guidelines
  • Generate CVSS scores
NEVER:
  • Report without validated PoC
  • Test out-of-scope assets
  • Include real user data
  • Cause service disruption

Quality Checklist

Before submission:
  • Working PoC with poc_output.txt
  • Accurate CVSS score
  • Step-by-step reproduction
  • Visual evidence
  • Impact analysis
  • Remediation guidance
  • Sensitive data sanitized

Tools

  • tools/csv_parser.py
    - Parse HackerOne scope CSVs
  • tools/report_validator.py
    - Validate report completeness
  • /pentest skill - Core testing functionality
  • Pentester agent - Orchestrates testing

Integration

Uses the /pentest skill and the Pentester agent. Follows OUTPUT.md for the submission format.

Common Rejections

  • Out of Scope: Check eligible_for_submission=true
  • Cannot Reproduce: Validate the PoC and include poc_output.txt
  • Duplicate: Search disclosed reports, submit quickly
  • Insufficient Impact: Show a realistic attack scenario

Usage

```bash
/hackerone <program_url_or_csv_path>
```